Nat-related commands refine
We need this to ensure that the tethering IPCs don't need to grab the
lock in two different controllers
The idea is to always have a global_alert rule in the bw_global_alert
chain.
TetherController will enable/disable the reference of bw_global_alert
chain.
[childchain order of filter FORWARD chain]
Chain FORWARD
nm_mdmprxy_iface_pkt_fwder
oem_fwd
fw_FORWARD
bw_FORWARD
tetherctrl_FORWARD
--Simple rule comparison--
[Before]
Chain bw_FORWARD
Alert rule
... other rules
Chain tetherctrl_FORWARD
... other rules
[After]
Chain bw_FORWARD
No Alert rule
... other rules
Chain tetherctrl_FORWARD
Jump to bw_global_alert
... other rules
Chain bw_global_alert
Alert rule
The exact rule comparison is shown in the bug.
Bug:119735985
Test: built, flashed, booted
system/netd/tests/runtests.sh passes
Change-Id: Ibf752d0c8de9170689fc74c89c0424d2642853ec
diff --git a/server/BandwidthControllerTest.cpp b/server/BandwidthControllerTest.cpp
index dc67f6c..febbe62 100644
--- a/server/BandwidthControllerTest.cpp
+++ b/server/BandwidthControllerTest.cpp
@@ -53,10 +53,12 @@
const std::string ACCOUNT_RULES_WITHOUT_BPF =
"*filter\n"
+ "-A bw_INPUT -j bw_global_alert\n"
"-A bw_INPUT -p esp -j RETURN\n"
"-A bw_INPUT -m mark --mark 0x100000/0x100000 -j RETURN\n"
"-A bw_INPUT -m owner --socket-exists\n"
"-A bw_INPUT -j MARK --or-mark 0x100000\n"
+ "-A bw_OUTPUT -j bw_global_alert\n"
"-A bw_OUTPUT -o ipsec+ -j RETURN\n"
"-A bw_OUTPUT -m policy --pol ipsec --dir out -j RETURN\n"
"-A bw_OUTPUT -m owner --socket-exists\n"
@@ -82,10 +84,12 @@
const std::string ACCOUNT_RULES_WITH_BPF =
"*filter\n"
+ "-A bw_INPUT -j bw_global_alert\n"
"-A bw_INPUT -p esp -j RETURN\n"
"-A bw_INPUT -m mark --mark 0x100000/0x100000 -j RETURN\n"
"\n"
"-A bw_INPUT -j MARK --or-mark 0x100000\n"
+ "-A bw_OUTPUT -j bw_global_alert\n"
"-A bw_OUTPUT -o ipsec+ -j RETURN\n"
"-A bw_OUTPUT -m policy --pol ipsec --dir out -j RETURN\n"
"\n"
@@ -128,28 +132,30 @@
mTun.destroy();
}
- void expectSetupCommands(const std::string& expectedClean, std::string expectedAccounting) {
+ void expectSetupCommands(const std::string& expectedClean,
+ const std::string& expectedAccounting) {
std::string expectedList =
"*filter\n"
"-S\n"
"COMMIT\n";
std::string expectedFlush =
- "*filter\n"
- ":bw_INPUT -\n"
- ":bw_OUTPUT -\n"
- ":bw_FORWARD -\n"
- ":bw_happy_box -\n"
- ":bw_penalty_box -\n"
- ":bw_data_saver -\n"
- ":bw_costly_shared -\n"
- "COMMIT\n"
- "*raw\n"
- ":bw_raw_PREROUTING -\n"
- "COMMIT\n"
- "*mangle\n"
- ":bw_mangle_POSTROUTING -\n"
- "COMMIT\n";
+ "*filter\n"
+ ":bw_INPUT -\n"
+ ":bw_OUTPUT -\n"
+ ":bw_FORWARD -\n"
+ ":bw_happy_box -\n"
+ ":bw_penalty_box -\n"
+ ":bw_data_saver -\n"
+ ":bw_costly_shared -\n"
+ ":bw_global_alert -\n"
+ "COMMIT\n"
+ "*raw\n"
+ ":bw_raw_PREROUTING -\n"
+ "COMMIT\n"
+ "*mangle\n"
+ ":bw_mangle_POSTROUTING -\n"
+ "COMMIT\n";
ExpectedIptablesCommands expected = {{ V4, expectedList }};
if (expectedClean.size()) {
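Review bot: The only functional change in the `expectedFlush` literal is the added `":bw_global_alert -\n"` line, but it is buried in a whitespace-only re-indent of the eighteen surrounding string fragments, which makes the hunk hard to review and blame. Either keep the old indentation and add just the one line, or land the re-indent separately. The new chain entry also deserves a short why-comment, since nothing in the test says why a flush expectation now covers it: `// bw_global_alert is flushed (not deleted) with the other bw_ chains; per the commit message tetherctrl_FORWARD jumps to it, so it must survive setup`. expectSetupCommands continues past the end of this hunk.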
@@ -165,14 +171,10 @@
using IptOp = BandwidthController::IptOp;
- int runIptablesAlertCmd(IptOp a, const char *b, int64_t c) {
+ int runIptablesAlertCmd(IptOp a, const char* b, int64_t c) {
return mBw.runIptablesAlertCmd(a, b, c);
}
- int runIptablesAlertFwdCmd(IptOp a, const char *b, int64_t c) {
- return mBw.runIptablesAlertFwdCmd(a, b, c);
- }
-
int setCostlyAlert(const std::string& a, int64_t b, int64_t* c) {
return mBw.setCostlyAlert(a, b, c);
}
@@ -467,42 +469,20 @@
TEST_F(BandwidthControllerTest, IptablesAlertCmd) {
std::vector<std::string> expected = {
- "*filter\n"
- "-I bw_INPUT -m quota2 ! --quota 123456 --name MyWonderfulAlert\n"
- "-I bw_OUTPUT -m quota2 ! --quota 123456 --name MyWonderfulAlert\n"
- "COMMIT\n"
- };
+ "*filter\n"
+ "-I bw_global_alert -m quota2 ! --quota 123456 --name MyWonderfulAlert\n"
+ "COMMIT\n"};
EXPECT_EQ(0, runIptablesAlertCmd(IptOp::IptOpInsert, "MyWonderfulAlert", 123456));
expectIptablesRestoreCommands(expected);
expected = {
- "*filter\n"
- "-D bw_INPUT -m quota2 ! --quota 123456 --name MyWonderfulAlert\n"
- "-D bw_OUTPUT -m quota2 ! --quota 123456 --name MyWonderfulAlert\n"
- "COMMIT\n"
- };
+ "*filter\n"
+ "-D bw_global_alert -m quota2 ! --quota 123456 --name MyWonderfulAlert\n"
+ "COMMIT\n"};
EXPECT_EQ(0, runIptablesAlertCmd(IptOp::IptOpDelete, "MyWonderfulAlert", 123456));
expectIptablesRestoreCommands(expected);
}
-TEST_F(BandwidthControllerTest, IptablesAlertFwdCmd) {
- std::vector<std::string> expected = {
- "*filter\n"
- "-I bw_FORWARD -m quota2 ! --quota 123456 --name MyWonderfulAlert\n"
- "COMMIT\n"
- };
- EXPECT_EQ(0, runIptablesAlertFwdCmd(IptOp::IptOpInsert, "MyWonderfulAlert", 123456));
- expectIptablesRestoreCommands(expected);
-
- expected = {
- "*filter\n"
- "-D bw_FORWARD -m quota2 ! --quota 123456 --name MyWonderfulAlert\n"
- "COMMIT\n"
- };
- EXPECT_EQ(0, runIptablesAlertFwdCmd(IptOp::IptOpDelete, "MyWonderfulAlert", 123456));
- expectIptablesRestoreCommands(expected);
-}
-
TEST_F(BandwidthControllerTest, CostlyAlert) {
const int64_t kQuota = 123456;
int64_t alertBytes = 0;